P
US6834347B2ExpiredUtilityPatentIndex 92

Target self-security for upgrades for an embedded device

Assignee: IBMPriority: Apr 29, 2003Filed: Apr 29, 2003Granted: Dec 21, 2004
Est. expiryApr 29, 2023(expired)· nominal 20-yr term from priority
Inventors:GOODMAN BRIAN GERARDHILL MARK EDWARDJAQUETTE GLEN ALANSHIRATORI TOSHIYUKI
G06F 21/10G06F 21/6218G06F 21/572
92
PatentIndex Score
20
Cited by
9
References
33
Claims

Abstract

Authentication of an upgrade to computer readable program code of a target embedded device is accomplished by causing the computer processor of the embedded device to access an unique machine identifier; to access an identifier key associated with the upgrade; to process the identifier key and/or unique machine identifier, such as by decrypting the key and/or encrypting the identifier; to compare the identifier key with the unique machine identifier; and causing the computer processor, if the identifier key matches the unique machine identifier, to enable the upgrade; else, to fail the upgrade.

Claims

exact text as granted — not AI-modified
We claim:  
     
       1. An embedded device, comprising: 
       a computer processor;  
       at least one element operated by said computer processor;  
       a unique machine identifier; and  
       a memory storing computer readable program code for operating said computer processor, and for authenticating an upgrade to said computer readable program code, said computer readable program code comprising:  
       computer readable program code causing said computer processor to access said unique machine identifier;  
       computer readable program code causing said computer processor to access an identifier key associated with said upgrade;  
       computer readable program code causing said computer processor to process said accessed identifier key and/or and said accessed unique machine identifier;  
       computer readable program code causing said computer processor to compare said processed identifier key with said processed unique machine identifier in the same process space; and  
       computer readable program code causing said computer processor, if said processed identifier key matches said processed unique machine identifier, to enable said upgrade; else, to fail said upgrade.  
     
     
       2. The embedded device of  claim 1 , wherein said computer readable program code of said memory which causes said computer processor to enable said upgrade, causes said computer processor to set an enabling flag for said upgrade. 
     
     
       3. The embedded device of  claim 1 , wherein said computer readable program code of said memory which causes said computer processor to enable said upgrade, causes said computer processor to store said identifier key and/or said processed identifier key. 
     
     
       4. The embedded device of  claim 1 , wherein said computer processor is responsive to a power-on and/or reset to initiate said upgrade authentication, and wherein said computer readable program code of said memory which causes said computer processor to enable said upgrade, causes said computer processor, if said processed identifier key matches said processed unique machine identifier, to initialize said embedded device normally with said upgrade enabled; else, to initialize said embedded device without said upgrade. 
     
     
       5. The embedded device of  claim 1 , additionally comprising an input, and wherein said computer readable program code of said memory, additionally causes said computer processor to respond to an upgrade command received at said input, and initiate said upgrade authentication. 
     
     
       6. The embedded device of  claim 1 , wherein said computer readable code of said memory, additionally comprises computer readable code causing said computer processor, if said processed identifier key fails to match said processed unique machine identifier, to conduct at least one error recovery procedure on said unique machine identifier and/or identifier key; to again compare said processed identifier key with said processed unique machine identifier; and, if said processed identifier key matches said processed unique machine identifier, to enable said upgrade; else, to fail said upgrade. 
     
     
       7. The embedded device of  claim 1 , wherein: 
       said computer readable program code of said memory which causes said computer processor to access an identifier key associated with said upgrade, causes said computer processor to access an upgrade key associated with an identified upgrade;  
       said computer readable program code of said memory which causes said computer processor to process said identifier key, causes said computer processor to process said upgrade key;  
       said computer readable program code of said memory which causes said computer processor to compare said processed identifier key with said processed unique machine identifier, causes said computer processor to compare said processed upgrade key with said processed unique machine identifier; and  
       said computer readable program code of said memory which causes said computer processor to enable said upgrade and, else, to fail said upgrade, causes said computer processor, if said processed upgrade key matches said processed unique machine identifier, to enable said identified upgrade; else, to fail said identified upgrade.  
     
     
       8. The embedded device of  claim 7 , wherein said upgrade key comprises a code key and a machine identifier, and wherein: 
       said computer readable program code of said memory which causes said computer processor to process said upgrade key, causes said computer processor to process said code key; and  
       said computer readable program code of said memory which causes said computer processor to compare said processed upgrade key with said processed unique machine identifier, causes said computer processor to compare said processed code key with said processed machine identifier and/or said processed unique machine identifier.  
     
     
       9. The embedded device of  claim 7 , wherein said upgrade key comprises a plurality of upgrade machine identifiers, and wherein: 
       said computer readable program code of said memory which causes said computer processor to process said upgrade key, causes said computer processor to process said plurality of upgrade machine identifiers; and  
       said computer readable program code of said memory which causes said computer processor to compare said processed upgrade key with said processed unique machine identifier, causes said computer processor to compare said processed plurality of upgrade machine identifiers with said processed unique machine identifier, said comparison indicated as matched if said processed unique machine identifier is within a range between said processed plurality of upgrade machine identifiers.  
     
     
       10. The embedded-device of  claim 7 , wherein said upgrade key comprises an upgrade machine identifier and a count, and wherein: 
       said computer readable program code of said memory which causes said computer processor to process said upgrade key, causes said computer processor to process said upgrade machine identifier and/or said count; and  
       said computer readable program code of said memory which causes said computer processor to compare said processed upgrade key with said processed unique machine identifier, causes said computer processor to compare said processed upgrade machine identifier and said count with said processed unique machine identifier, said comparison indicated as matched if said processed unique machine identifier is within a range between said processed upgrade machine identifier and a sum of said processed upgrade machine identifier and said count.  
     
     
       11. The embedded device of  claim 7 , wherein said upgrade key comprises an upgrade machine identifier and a qualifier, and wherein: 
       said computer readable program code of said memory which causes said computer processor to process said upgrade key, causes said computer processor to process said upgrade machine identifier and said qualifier; and  
       said computer readable program code of said memory which causes said computer processor to compare said processed upgrade key with said processed unique machine identifier, causes said computer processor to compare said processed upgrade machine identifier and said qualifier with said processed unique machine identifier, said comparison indicated as matched if said processed unique machine identifier matches said processed upgrade machine identifier combined with said qualifier.  
     
     
       12. A method for authenticating an upgrade to computer readable program code of an embedded device, said embedded device comprising a computer processor; at least one element operated by said computer processor; and a memory storing computer readable program code for operating said computer processor, and said computer readable program code for authenticating an upgrade, said method comprising the steps of: 
       accessing an unique machine identifier of said embedded device;  
       accessing an identifier key associated with said upgrade;  
       processing said accessed identifier key and said accessed unique machine identifier;  
       comparing said processed identifier key with said processed unique machine identifier in the same process space; and  
       if-said processed identifier key matches said processed unique machine identifier, enabling said upgrade; else, failing said upgrade.  
     
     
       13. The method of  claim 12 , wherein said step of enabling said upgrade, comprises setting an enabling flag for said upgrade. 
     
     
       14. The method of  claim 12 , wherein said step of enabling said upgrade, comprises storing said identifier key. 
     
     
       15. The method of  claim 12 , wherein said method additionally comprises the step of responding to a power-on and/or reset of said embedded device, initiating said upgrade authentication; and wherein said step of enabling said upgrade, comprises, if said processed identifier key matches said processed unique machine identifier, initializing said embedded device normally with said upgrade enabled; else, initializing said embedded device without said upgrade. 
     
     
       16. The method of  claim 12 , wherein said embedded device additionally comprises an input, and wherein said method additionally comprises the step of responding to an upgrade command-received at said input, initiating said upgrade authentication. 
     
     
       17. The method of  claim 12 , additionally comprising the steps of: 
       if said processed identifier key fails to match said processed unique machine identifier, conducting at least one error recovery procedure on said unique machine identifier and/or said identifier key;  
       again comparing said processed identifier key with said processed unique machine identifier; and  
       if said processed identifier key matches said processed unique machine identifier, to enable said upgrade; else, to fail said upgrade.  
     
     
       18. The method of  claim 12 , wherein: 
       said step of accessing an identifier key associated with said upgrade, comprises accessing an upgrade key associated with an identified upgrade;  
       said step of processing said identifier key, comprises processing said upgrade key;  
       said step of comparing said processed identifier key with said processed unique machine identifier, comprises comparing said processed upgrade key with said processed unique machine identifier; and  
       said step of enabling said upgrade and, else, fail said upgrade, comprises, if said processed upgrade key matches said processed unique machine identifier, enabling said identified upgrade; else, failing said identified upgrade.  
     
     
       19. The method of  claim 18 , wherein said upgrade key comprises a code key and a machine identifier, and wherein: 
       said step of processing said upgrade key, comprises processing said code key; and  
       said step of comparing said processed upgrade key with said processed unique machine identifier, comprises comparing said processed code key with said processed machine identifier and/or said processed unique machine identifier.  
     
     
       20. The method of  claim 18 , wherein said upgrade key comprises a plurality of upgrade machine identifiers, and wherein: 
       said step of processing said upgrade key, comprises processing said plurality of upgrade machine identifiers; and  
       said step of comparing said processed upgrade key with said processed unique machine identifier, comprises comparing said processed plurality of upgrade machine identifiers with said processed unique machine identifier, said comparison indicated as matched if said processed unique machine identifier is within a range between said-processed plurality of upgrade machine identifiers.  
     
     
       21. The method of  claim 18 , wherein said upgrade key comprises an upgrade machine identifier and a count, and wherein: 
       said step of processing said upgrade key, comprises processing said upgrade machine identifier and/or said count; and  
       said step of comparing said processed upgrade key with said processed unique machine identifier, comprises comparing said processed upgrade machine identifier and said count with said processed unique machine identifier, said comparison indicated as matched if said processed unique machine identifier is within a range between said processed upgrade machine identifier and a sum of said processed upgrade machine identifier and said count.  
     
     
       22. The method of  claim 18 , wherein said upgrade key comprises an upgrade machine identifier and a qualifier, and wherein: 
       said step of processing said upgrade key, comprises processing said upgrade machine identifier and said qualifier; and  
       said step of comparing said processed upgrade key with said processed unique machine identifier, comprises comparing said processed upgrade machine identifier and said qualifier with said processed unique machine identifier, said comparison indicated as matched if said processed unique machine-identifier matches said processed upgrade machine identifier combined with said qualifier.  
     
     
       23. A computer program product of a computer readable medium usable with a computer processor, said computer program product having computer readable program code embodied therein for authenticating an upgrade to an embedded device having a computer processor, at least one element operated by said computer processor, and a unique machine identifier, said computer readable program code comprising: 
       computer readable program code causing said computer processor to access said unique machine identifier;  
       computer readable program code causing said computer processor to access an identifier key associated with said upgrade;  
       computer readable program code causing said computer processor to process said accessed identifier key and said accessed unique machine identifier;  
       computer readable program code causing said computer processor to compare said processed identifier key with said processed unique machine identifier in the same process space; and  
       computer readable program code causing said computer processor, if said processed identifier key matches said processed unique machine identifier, to enable said upgrade; else, to fail said upgrade.  
     
     
       24. The computer program product of  claim 23 , wherein said computer readable program code which causes said computer processor to enable said upgrade, causes said computer processor to set an enabling flag for said upgrade. 
     
     
       25. The computer program product of  claim 23 , wherein said computer readable program code which causes said computer processor to enable said upgrade, causes said computer processor to store said identifier key and/or said processed identifier key. 
     
     
       26. The computer program product of  claim 23 , wherein said computer processor is responsive to a power-on and/or reset to initiate said upgrade authentication, and wherein said computer readable program code which causes said computer processor to enable said upgrade, causes said computer processor, if said processed identifier key matches said processed unique machine identifier, to initialize said embedded device normally with said upgrade enabled; else, to initialize said embedded device without said upgrade. 
     
     
       27. The computer program product of  claim 23 , additionally comprising an input, and wherein said computer readable program code additionally causes said computer processor to respond to an upgrade command received at said input, and initiate said upgrade authentication. 
     
     
       28. The computer program product of  claim 23 , wherein said computer readable code additionally causes said computer processor, if said processed identifier key fails to match said processed unique machine identifier, to conduct at least one error recovery procedure on said unique machine identifier and/or identifier key; to again compare said processed identifier key with said processed unique machine identifier; and, if said processed identifier key matches said processed unique machine identifier, to enable said upgrade; else, to fail said upgrade. 
     
     
       29. The computer program product of  claim 23 , wherein: 
       said computer readable program code which causes said computer processor to access an identifier key associated with said upgrade, causes said computer processor to access an upgrade key associated with an identified upgrade;  
       said computer readable program code which causes said computer processor to process said identifier key, causes said computer processor to process said upgrade key;  
       said computer readable program-code which-causes said computer processor to compare said processed identifier key with said processed unique machine identifier, causes said computer processor to compare said processed upgrade key with said processed unique machine identifier; and  
       said computer readable program code which causes said computer processor to enable said upgrade and, else, to fail said upgrade, causes said computer processor, if said processed upgrade key matches said processed unique machine identifier, to enable said identified upgrade; else, to fail said identified upgrade.  
     
     
       30. The computer program product of  claim 29 , wherein said upgrade key comprises a code key and a machine identifier, and wherein: 
       said computer readable program code which causes said computer processor to process said upgrade key, causes said computer processor to process said code key; and  
       said computer readable program code which causes said computer processor to compare said processed upgrade key with said processed unique machine identifier, causes said computer processor to compare said processed code key with said processed machine identifier and/or said processed unique machine identifier.  
     
     
       31. The computer program product of  claim 29 , wherein said upgrade key comprises a plurality of upgrade machine identifiers, and wherein: 
       said computer readable program code which causes said computer processor to process said upgrade key, causes said computer processor to process said plurality of upgrade machine identifiers; and  
       said computer readable program code which causes said computer processor to compare said processed upgrade key with said processed unique machine identifier, causes said computer processor to compare said processed plurality of upgrade machine identifiers with said processed unique machine identifier, said comparison indicated as matched if said processed unique machine identifier is within a range between said processed plurality of upgrade machine identifiers.  
     
     
       32. The computer program product of  claim 29 , wherein said upgrade key comprises an upgrade machine identifier and a count, and wherein: 
       said computer readable program code which causes said computer processor to process said upgrade key, causes said computer processor to process said upgrade machine identifier and/or said count; and  
       said computer readable program code which causes said computer processor to compare said processed upgrade key with said processed unique machine identifier, causes said computer-processor to compare said processed upgrade machine identifier and said count with said processed unique machine identifier, said comparison indicated as matched if said processed unique machine identifier is within a range between said processed upgrade machine identifier and a sum of said processed upgrade machine identifier and said count.  
     
     
       33. The computer program product of  claim 29 , wherein said upgrade key comprises an upgrade machine identifier and a qualifier, and wherein: 
       said computer readable program code which causes said computer processor to process said upgrade key, causes said computer processor to process said upgrade machine identifier and said qualifier; and  
       said computer readable program code which causes said computer processor to compare said processed upgrade key with said processed unique machine identifier, causes said computer processor to compare said processed upgrade machine identifier and said qualifier with said processed unique machine identifier, said comparison indicated as matched if said processed unique machine identifier matches said processed upgrade machine identifier combined with said qualifier.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.